Surf AI Raises $57M for Agentic Security Operations as OpenAI Acquires Promptfoo — AI Agent Security Becomes a Category

Surf AI launched out of stealth on March 17 with $57 million in combined seed and Series A funding to build what CEO Yair Grindlinger described to Axios as a full agent-native replacement for the traditional security operations center.

The pitch: instead of bolting an AI copilot onto an existing SIEM, Surf AI deploys autonomous agents that triage, investigate, and remediate security incidents without human intervention at every step. SiliconAngle reported that the platform handles the full incident lifecycle — from alert ingestion through investigation to automated response — with human analysts supervising rather than manually processing each alert.

Two Sides of the Same Market

Surf AI’s launch sits alongside a related but distinct development: OpenAI’s acquisition of Promptfoo, announced on March 9. Promptfoo, backed by Insight Partners and Andreessen Horowitz, built tooling that lets enterprises systematically red-team and vulnerability-test AI systems before deployment. OpenAI is folding Promptfoo into its Frontier agent platform, making security testing a native capability rather than a third-party add-on.

The two moves target opposite ends of the same problem. Promptfoo (now inside OpenAI) secures the agents themselves — testing whether an AI agent can be manipulated, jailbroken, or exploited before it reaches production. Surf AI deploys agents as the security infrastructure — using autonomous AI to defend networks, endpoints, and applications against threats including, presumably, hostile AI agents.

CNBC reported that OpenAI framed the Promptfoo acquisition as essential infrastructure for a world where AI agents handle real transactions. As agents expand into financial workflows, the security infrastructure around them needs to keep pace.

The Funding Signal

$57 million for a stealth-mode security startup is a large bet on a category that barely existed six months ago. The “agentic SOC” concept — security operations centers staffed primarily by AI agents rather than human analysts — has been discussed in security research circles but hadn’t attracted this level of venture capital until now.

The timing tracks with broader market signals. Enterprise demand for AI agents is accelerating while security readiness lags behind — and that gap is exactly the market both Surf AI and Promptfoo are targeting.

For OpenClaw operators running always-on agent deployments, the security question is becoming unavoidable. Agents with persistent access to email, calendars, financial systems, and code repositories represent a fundamentally different attack surface than a chatbot answering questions. Surf AI is betting that securing those agents requires agents of its own.

Sources: SecurityWeek, Axios, SiliconAngle, OpenAI, TechCrunch, CNBC